NoRef.io is a free website/service that you can use to hide the user’s HTTP referer when clicking on hyperlinks you create.
In building NoRef.io, quite a number of performance and privacy considerations went into designing the service, namely:
Goals:
- Fast, really fast: the page should load in less than 100ms
- No server can should be able to see the redirect URL
- Reliable service
So, let’s see how we can accomplish all these goals.
Optimizing Speed
- Very small page size < 5 kb
- Fast load time < 100 ms over typical network
- The service should load with a single HTTP call, keeping all JS and CSS inline (inside one HTML page)
- Service is cacheable by a CDN’s edge network and the users’ web browsers (apply proper cache-control headers)
- Deliver page over gzip (compressed)
- Fast DNS service
So, how fast does it load?
UPDATE: this post doesn’t reflect the performance of the new version of noref.io.
Google Chrome measured it at <80ms. Sweet!
Maintaining Privacy
The goal is to make sure the redirect URLs are not recorded by the server (or any server). To accomplish that
- The page should not load any external Javascript script – in case the external service gets compromised, users’ privacy won’t get compromised
- Require page to be loaded under HTTPS, to prevent eavesdropping or man-in-the-middle attacks
- Place the redirect URL after the # sign in the URL (the redirect is performed by Javascript)
Reliability
The website should be served with redundancy, and cached by the CDN in case the server is unavailable.
For this task, we’ll utilize Cloudflare’s Always Online™ feature.
Web Server <-> CDN (CloudFlare) Edge Network <-> User
Cloudflare will store a copy of your website and serve that to your visitors if your server is ever unreachable.
Never miss new posts
Get the latest tech innovation news from Ryan delivered straight to your inbox!